Skillget

welsonjs

mcp
Security Audit
Fail
Health Pass
  • License — License: GPL-3.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 447 GitHub stars
Code Fail
  • eval() — Dynamic code execution via eval() in app.js
  • exec() — Shell command execution in app/assets/js/Intl-1.2.5-e93b114.min.js
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This tool provides a framework for building Windows desktop applications using JavaScript, TypeScript, and HTML/CSS. It operates on the Windows built-in ECMAScript engine, offering a lightweight alternative to environments like Electron.

Security Assessment
The overall risk is rated as Medium. The automated scan flagged the presence of `eval()` in the main application file (`app.js`) and shell command execution capabilities in an included asset file. While `eval()` and shell execution are common in desktop app frameworks that bridge scripting with native OS functions, they introduce potential code injection risks if the application ever processes untrusted external input. The repository does not request broadly dangerous permissions, and the scan did not detect any hardcoded secrets. However, because it interacts deeply with the native operating system, developers should strictly audit any external data passed into the application.

Quality Assessment
The project demonstrates strong health and active maintenance, with repository updates occurring as recently as today. It is fully licensed under GPL-3.0, ensuring clear terms of use. Community trust is solid, evidenced by over 400 GitHub stars, DOI registration, and ongoing user engagement through platforms like Discord.

Verdict
Use with caution: the project is active and well-documented, but developers must be mindful of the dynamic code execution and shell access features when handling untrusted input.
SUMMARY

WelsonJS - Build a Windows app on the Windows built-in JavaScript engine

README.md

welsonjs

FOSSA Status
AppVeyor Status
DOI 10.5281/zenodo.11382384
ChatGPT available
Google Gemini available
slideshare.net presentation
YouTube promotion video
Discord chat
G2
Trustpilot
Open to work
Ask DeepWiki
MCP

WelsonJS logo with four diagonal stripes in red, green, blue, and yellow, overlaid with the letters JS. WelsonJS - Build a Windows app on the Windows built-in JavaScript engine.

A Cover Image: Windows in 1999

Now, You can build a Windows desktop app with JavaScript, TypeScript, CoffeeScript, ReScript, and HTML/CSS on Windows built-in ECMAScript engine.

WelsonJS = Windows + Electron-like + Javascript(JS) + :heart:Contributions

Note: The default license for this project is GPL 3.0. However, if the GPL 3.0 license is not compatible with Microsoft products, it is subject to the MS-RL license.

Sponsors

System Requirements

  • Operating Systems: Windows XP SP3 or later (Currently, Windows 11 24H2)
  • For systems running Windows 2000 or earlier versions (e.g., 95, 98, Me), please contact us separately.

Why Choose WelsonJS?

WelsonJS is an advanced JavaScript framework designed to operate in extreme conditions where conventional solutions may fail. Unlike traditional JavaScript frameworks, WelsonJS focuses on executing scripts in constrained environments, ensuring reliable performance even with minimal system resources.

Key Features

  • Lightweight and Efficient: Optimized for environments with limited computing power, WelsonJS delivers efficient script execution without unnecessary overhead.
  • Windows ECMAScript Compatibility: Designed to run seamlessly on Windows-based systems, adhering to the ECMAScript standard while maintaining lightweight execution.
  • Standalone Execution: Unlike well-known JavaScript runtimes, which require external dependencies, a WelsonJS application can operate as a self-contained app, making it suitable for embedded systems and isolated environments.
  • Security-Oriented: Built with security in mind, ensuring controlled execution of scripts without compromising system integrity.
  • Minimalist Design: WelsonJS strips away unnecessary complexities, focusing on core functionalities that maximize performance and reliability.

Use Cases

  • Legacy System Integration: WelsonJS provides a practical solution for running JavaScript on older Windows environments where modern frameworks are not feasible.
  • Automation and Scripting: Ideal for executing scripts in constrained environments, enabling automated workflows and system-level scripting.
  • Embedded Applications: Suitable for devices and systems with strict resource constraints, such as industrial controllers and embedded platforms.
  • Security-Focused Environments: Useful in security-sensitive applications where dependencies on external network connections are limited.
  • Office Automation: Suitable for office automation tasks using Microsoft Office (Excel, PowerPoint, Word, Outlook, and more...) and various LLM-based AI (such as ChatGPT).

WelsonJS is tailored for developers who need a reliable, lightweight JavaScript framework in environments where traditional solutions are impractical. Whether working with legacy systems, embedded devices, or security-critical applications, WelsonJS ensures that JavaScript remains a viable and efficient option.

Structure

The structure of the WelsonJS framework can be extended based on whether it operates in a console (command prompt) environment, a GUI (with HTML/CSS) environment, or a service environment, with the app.js file at its core.

Specifications

Quick start

1. Write a file lib/sayhello.js

// lib/sayhello.js
function say() {
    console.log("hello");
}

exports.say = say;

exports.VERSIONINFO = "SayHello (sayhello.js) version 0.1";
exports.AUTHOR = "[email protected]";
exports.global = global;
exports.require = global.require;

2. Write a file sayhello.js

// sayhello.js
var SayHello = require("lib/sayhello");

function main() {
    console.log("calling say()");
    SayHello.say();
    console.log("ended say()");
}

exports.main = main;

3. Execute script on the console

C:\Users\JohnDoe\Documents\GitHub\welsonjs> cscript app.js sayhello
calling say()
hello
ended say()

How to release my application?

The WelsonJS framework suggests the following application release methods:

  • Compress to Zip, and use the launcher: Compress the files and directories necessary for running the project into a Zip file, and distribute it along with the WelsonJS Launcher.
  • Build a setup file: Use Inno Setup. The setup profile (the setup.iss file) is already included.
  • Copy all directories and files: This is the simplest and most straightforward method.

Screenshots

(Screenshot 1) GUI environment

(Screenshot 2) Command-line environment

(Screenshot 3) WelsonJS with Microsoft Excel

(Screenshot 4) Write a Windows Service with JavaScript

(Screenshot 5) Template Matching on the computer screen

(Screenshot 6) The Launcher for WelsonJS Application Packages

(Screenshot 7) Microsoft Monaco Editor on WelsonJS Launcher

(Screenshot 8) You can run a .js file just like an executable by simply double-clicking it.

Thanks to

Report abuse

Join the community

I am always open. Collaboration, opportunities, and community activities are all welcome.

Offine copy

If you require an offline copy of this project, please contact an appropriate project maintainer via Discord to arrange the request.

Special channels

Open-source software license

FOSSA Status

Subprojects

  • catswords-jsrt-rs: Minimal ChakraCore (JsRT) bindings for Rust.
  • jsrt-claw: OpenClaw compatible the skill definition for a bulit-in JSRT (JScript 5.x)

Disclaimer

To the maximum extent permitted by applicable law, Namhyeon Go (ko: 고남현) and Catswords Research (ko: 캐츠워즈리서치) shall not be held liable for any direct, indirect, incidental, special, or consequential damages arising out of or in connection with the use of this software outside its intended purpose or scope.

Reviews (0)

No results found